Numerous computing applications have been proposed, and in some cases
implemented, that have the potential of being invasive of privacy. Examples range
from commercially produced tags using Radio Frequency Identification (RFID)
technology to governmental programs such as Total Information Awareness. We will
discuss examples of computer science research and of applications of computing
technology that raise privacy and civil liberties issues.

We shall attempt to answer the following questions: 1. Is technology
"neutral"? Should decisions about the applications of technology be left solely to
the marketplace, the government, policy makers, and/or the law? Do the people
developing the technology have any ethical, moral, or legal responsibilities
regarding it subsequent use? What about businesses that market the technology? 2.
Is it possible or even desirable to raise awareness of privacy and civil liberties
issues among CS researchers and funders of CS research? Do researchers and/or
funders have any ethical responsibilities in trying to raise awareness? 3. Is it
possible to devise technologies that address privacy and civil liberties concerns?
If so, what strategies might be effective in providing or increasing funding for
the development of such technologies? Is there a risk in trying to develop
"ameliorating" technologies? Examples? 4. Have there been examples of CS R&D
projects where such issues have been successfully addressed? 5. Are there any
research or development projects on which people should refuse to work? What is the
role of the individual? How do you decide? What kinds of penalties might society
extract? Examples?

Identity issues have become part of daily business and the daily news
for individuals around the world. New identification and authentication
technologies are often complex and counter-intuitive. Privacy is often viewed as a
barrier to better authentication and identification. But do they privacy and
authentication to be in tension?

This tutorial will cover the terminology, standards, current controversies
and best practices in privacy and authentication. We will explore E-Authentication,
biometrics, smart cards, datamining, and pattern analysis. We will consider how
some of the current authentication technologies address privacy. Commercial Web
services, E-Government, transportation security, and identity fraud issues will be
addressed.

This half-day tutorial workshop will give you hands-on experience in
network surveillance. It will provide a high-level overview of network basics,
including the OSI layer model, as a prologue to getting down and dirty with packet
sniffing, wireless network scanners, intercepting encrypted protocol
transmissions, port scanning, and more.

We'll cover everything from basic terminology to live demonstrations
of how networks can be spied on, including packet sniffing, intercepting traffic,
"man-in-the-middle" attacks, SSL spoofing, and more, as well as information and
demonstrations on how common defense mechanisms work to protect your networks
against passive and active surveillance.

While many companies try to minimize the expense of complying with existing
laws, crucial information is being stolen, modified, and used for illegitimate
purposes. What is a company's exposure to liability in the event of a breach of
security? Should there be additional laws and regulations to force companies to
protect private or sensitive data?

Recently, new information security laws and regulations have been enacted.
Concurrently, the Federal Trade Commission and State Attorneys General have
investigated numerous companies' security practices in response to concerns with
vulnerabilities, or following a breach of security. Collectively, these laws,
regulations, and decisions create standards, which become the measuring stick in
litigation. We'll provide a survey of recent laws, enforcement actions, and class
action litigation related to information security; presents possible actions for
companies; and suggests possible incentives for creating and implementing security
measures.

Radio frequency ID (RFID) presents the possibility of an
Internet-for-things, bringing digital information economics and control into the
analog, informationally limited, real world. It presents a new set of privacy
risks, including the possibility of much more robust and pervasive profiling. To
what degree should RFID be subject to regulatory restraints? Can we avoid privacy
problems through intelligent technical design now?

This tutorial is for anyone who wants to learn about the privacy and civil
liberties risks posed by RFID. It will examine the technology, its current and
contemplated applications, and the possibilities for political action to mitigate
the privacy risks of RFID and other location/tracking technologies and practices.

Mike Godwin, Senior Technology Counsel, Public Knowledge, will teach the
basics of constitutional law in cyberspace, with an emphasis on free-speech and
privacy issues. This tutorial is designed to inform non-lawyers and lawyers alike
about the constitutional issues that underlie computer-crime and computer
civil-liberties cases, as well as about the policy issues relating to intellectual
property and jurisdiction on the Net. Its goal is to prepare attendees to
understand the full range of constitutional and civil-liberties issues discussed at
the main panels and presentations at CFP2004, with particular emphasis this year on
the intersection of copyright law, constitutional law, and technology policy.

Presenter: Mike Godwin, Senior
Technology Counsel, Public Knowledge, has done evolving versions of this tutorial
at 11 different CFP conferences (sometimes for CLE credit and sometimes not), and
the tutorial has continued to be well-subscribed and highly rated.

Primer on telecommunications law and concepts critical to
understanding the scope of the Federal Communication Commission's regulatory
authority over the Internet. Covers the original regulation of telephone companies
under a "common carrier" model, and the gradual removal of services such as data
storage and long-distance service from the framework of monopoly regulation, a
process that culminated in the 1996 Telecommunications Act. It will also provide an
overview of today's hot regulatory topics. It will introduce the major players: FCC
commissioners; relevant congressional commissions; state public utility
commissions; & affected industries. It will review the classification of Internet
access as unregulated "information services," and explain the practical
implications of classification as a regulated "telecommunications service."
Finally, it will provide background on debates about broadband Internet access,
wireless telephony & networks, including spread-spectrum and smart-radio
technology, and voice over IP.

Research has established that notices need to be relatively short, in a common
format and in plain English to work for consumers. However, such notices are, by
definition, not complete. This creates liability issues for companies. Sometimes,
laws are conflicted over what lawmakers want from organizations giving notice. This
tutorial will explore the research, government action on short notices, and the
liability issues.

Touch-screen voting machines store records of cast votes in internal
memory, where the voter cannot check them. Because of our system of secret
ballots, once the voter leaves the polls there is no way anyone can determine
whether the vote captured was what the voter intended. Why should voters trust
these machines?

Last December, I drafted a "Resolution on Electronic Voting" stating
that every voting system should have a "voter verifiable audit trail," which is a
permanent record of the vote that can be checked for accuracy by the voter, and
which is saved for a recount if it is required. After many rewrites, I posted the
page in January with endorsements from many prominent computer scientists. At that
point, I became embroiled in a surprisingly fierce (and time consuming) battle that
continues today.

We still don't have an answer for why we should trust electronic voting
machines, but a lot of evidence has emerged for why we should NOT.

In this talk, I will discuss the basic principles and issues in
electronic voting.

2004 marks the 40th Anniversary of the '64 Civil Rights Act. This landmark Act
outlawed discrimination in public places, required employers to provide equal
employment opportunities, and stated that uniform standards for the right to vote
must prevail. We will explore the relationship between privacy and civil rights, in
light of the anniversary, focusing on the segment of our population who are without
computers but constantly subject to computer monitoring. Computer systems have not
eliminated discrimination - on the contrary: Discrimination has been grafted into
profiling algorithms, taking on airs of impartiality. We will focus on three
prominent issues that intersect computing and disadvantaged populations: Homeless
Management Information Systems, Credit Scoring, and Biometric Collection of
information on recipients of public benefits.

The FBI is back, insisting that VoIP be subject to the same
wiretap-friendly design mandates that apply to the plain old telephone system under
the controversial CALEA legislation. The FBI recently filed a petition asking for
an FCC rulemaking on the issue. Will the desire to guarantee law enforcement
access reach into the core of the Internet? What are the risks of tapping the Net?
Can surveillance questions be rationally addressed in the age of terrorism? Leading
participants in the debate from law enforcement, civil liberties and industry
explore these and related issues.

Radio frequency ID (RFID) presents the possibility of an
"Internet-for-things", bringing digital information economics and control into the
analog, informationally limited, real world. It presents a new set of privacy
risks, including the possibility of much more robust and pervasive profiling. To
what degree should RFID be subject to regulatory restraints? Can we avoid privacy
problems through intelligent technical design now?

Technologies make their way across the world through global
commerce. However, technologies have different applications and implications
depending on culture and legal regimes. Those deploying technologies are faced with
demands that they reserve and limit access to various content. At the same time,
blogs have proven useful in routing around censorship. In China firewall
technology is used as a tool of censorship, a wall to keep citizens in rather than
to keep hackers out. What is being done to ameliorate negative and advance positive
impacts of technology? What have companies done, and what risks do they take?

People use search engines for the vast majority of online
content they access - giving a handful of companies the ability to shape what the
world sees and thinks about. Alarmingly, and unbeknownst to users, search engine
companies effectively censor content in subtle ways, both for commercial reasons
and when asked by governments. Ranking technologies provide users with a
homogenized handful of sites, and render smaller sites nearly invisible. Search
engine results are famously prone to manipulation. Finally, using search engines is
more complex than it seems, and general users have difficulty finding the right
content. The panel exposes hidden vulnerabilities of these critical gatekeepers to
the online world, and considers remedies.

Are governments trying to take over the Internet? Are their
actions indispensable to bringing the benefits of the information society to all?
Or is it something in the murky middle, where the details (and devils!) lie? In
Dec. 2003 over 10,000 delegates from governments, industry and activist groups
convened in Geneva for the first round of the UN World Summit on the Information
Society. There was little harmony on issues - from human rights and the digital
divide, to open source software and ICANN. Join us for a meeting to discuss the
issues, the stakes and the dangers that will emerge as the world prepares for the
final round of the Summit, in Tunisia in 2005.

Search and analysis of structured and unstructured data races in
parallel to the ever increasing volume of information generated globally by people
and technology. Technology continually converts analog to digital, adding to the
complexity of information. These developments erode security through obscurity
individuals have historically enjoyed. This panel will discuss the positive and
negative aspects of the business and government activities which capitalize and
exploit person-based data.

Can online organizing change the outcome of the 2004 elections? From the
"open-source" campaign model that briefly propelled Howard Dean to the front of the
Democratic pack, to the stunning impact of Moveon.org, American politics is being
turned upside down by new and innovative network-centered campaign strategies. Or
is it? We will examine recent trends and explore their implications on the 2004
election and American Democracy, discussing what tools and strategies have worked -
and failed - in recruiting and mobilizing supporters.

This video screening brings back the futuristic promises of the past --
alluring, utopian ideas like domestic robots, ubiquitous networking, telepresence,
and intelligent appliances -- and shows how major American corporations
appropriated them as their own. Their promise: a bright, affluent future enabled
by cybernetics and technology, and they're still singing the same song. We'll
counterpose films like CENTURY 21 CALLING, A NATION AT YOUR FINGERTIPS, and MAGIC
IN THE AIR with recent futuristic TV commercials from AT&T and IBM. What (if
anything) has changed? Why has utopian fantasy become campy anachronism rather
than call to action? And would we really want to live in this utopian world,
anyway?

Privacy International holds the 6th annual US Big Brother awards to
celebrate the invaders and champions of privacy. "Orwell" statutes will be
presented to the government agencies, companies and initiatives which have done
most to invade personal privacy. Brandeis Awards will be given to champions of
privacy. The Brandeis Award is named after US Supreme Court Justice Louis Brandeis,
who described privacy as "the right to be let alone." The awards are given to those
have done exemplary work to protect and champion privacy.

In July, 2003, PC World conducted what is thought to be the largest
journalistic survey of its kind: The magazine asked 1500 people to provide details
about their online privacy practices and motivations. In this session, the author
of the survey and the head of PC World's research division will discuss the
methodology for conducting the survey, and present more results than there was
space to report in print in the November, 2003 issue.

Is the Patriot Act a foreshadow of things to come, or an aberration soon
to be corrected? What are specifics of the Patriot Act and "Patriot II", and their
pluses and minuses? What are the courts doing about the Act, and how should
computer professionals respond as responsible citizens?

First, a description of the Patriot Act, the proposals in "Patriot II," the
history of the various provisions, and a description of court cases that are coming
down the pipe. Then a round table discussion as to the pluses and minuses of the
Act's purposes and means; where these might lead in the future; and the role of
technology in such evolution.

BOF session for those with no obvious "flock": this 90-minute town meeting
will try to orient first or second attendees at an ACM/CFP conference on how to
make the most of their expensive trip. Meet newbies like yourself! Later, we'll
compare notes.

Open content is revolutionising content creation and distribution just
like open source has changed the software business. Everyone using Open Content
Licensed material or interested in open content licensing is invited to a BOF to
hear a presentation on Creative Commons and the legal issues of open content
licensing. The BOF is an opportunity to exchange experiences of sharing open
content.

MobiloPhobia asks whether we should fear the friend in our pocket,
investigating how the mobile phone functions as a tracking device, through which
our movements can be monitored 24 hours a day. Mobile phones routinely generate
location data, which is stored by the operators, and regularly used in court cases
and by the intelligence services. This is cell based and simply records the closest
mast to the handset against time, while triangulation techniques allow for far
greater accuracy, and the radar-like CelldarTM system offers the capability to pull
up a real-time visual display of objects by analysing deviations in the microwave
radiation emitted by mobile phone masts. MobiloPhobia will assess the technical
capacity of different mobile phone surveillance techniques, and examine how artists
and DIY technologies offer alternative ways of engaging in surveillance to
traditional campaigning strategies. On the one hand creative projects that test the
limits of new locative technologies offer the chance to inhabit or explore the
blind spots and incoherencies of surveillance systems. And, on the other, the
emerging field of locative media explores the use of location aware portable
networked devices for social networking and cultural projects, highlighting
socially beneficial applications and creating an argument for safeguards and
openness to be integral to the platforms of tomorrow.

MobiloPhobia is part of a series of events and discussions on mobile and
locative media, which opened with MobiloTopia at Transmediale (Berlin, DE)
exploring the utopian hopes generated by locative media, and will culminate in the
Mobile Connections conference and artistic programme at the futuresonic04 festival
(Manchester, UK)

Presenters: Dr. Drew Hemment,
AHRB Research Fellow in Creative Technologies at University of Salford, UK; Nicola Green, Dept. of Sociology, University of
Surrey

The San Francisco Surveillance Camera Players oppose the
surveillance of everyday life, in particular the video surveillance of public
space, including public transit, streets, and parks. We perform short, silent plays
in front of surveillance cameras in public places, to bring attention to and
challenge their presence. We also are beginning to map the locations of
surveillance cameras in the Bay Area and give occasional walking tours. We will
discuss how to identify surveillance cameras, how common they are in the Bay Area,
and what some of the issues are (legal, Constitutional, and moral).

A walking tour is also scheduled for the following Saturday, April 24th.
It meets at 2pm by the statue in the middle of Union Square in San Francisco (take
the BART to Powell Street, then walk three blocks north on Powell).

CryptoRights is a nonprofit, nongovernmental organization (NGO)
dedicated to promoting global justice through the protection of human rights and
humanitarian workers, journalists and the information they collect and communicate
for the public good; and the preservation of freedoms for security professionals
who do open research on security and safety issues in the public interest.

SWIPE addresses the gathering of data from driver's licenses, a form of
data-collection that businesses are starting to practice in the United States. Bars
and convenience stores were the first to utilize license scanners in the name of
age and ID verification. These businesses, however, admit they reap huge benefits
from this practice beyond catching underage drinkers and smokers and fake IDs. With
one swipe - that often often occurs without notification or consent by the
cardholder - business acquires data that can be used to build a valuable consumer
database free of charge. Post 9/11, other businesses, like hospitals and airports,
are installing driver's license readers in the name of security. And still other
businesses are joining the rush to scan realizing the information contained on
driver's licenses is a potential gold mine.

Recent technology initiatives described as "Trusted Computing" have
been very controversial. We'll examine how they work and what their advantages and
disadvantages may be from a variety of points of view.

As governments increase the use of technology and bring functions online
for everything from birth certificates, paying taxes, and voting, the software that
is used determines the degree of transparency and freedom. Open source proponents
claim that open source lets citizen users inspect, improve and redistribute the
software freely, and point out that commercial software risks locking up official
documents in proprietary formats. But commercial software advocates point out the
benefits to a single entity claiming responsibility for their work. What are the
risks and benefits to each model?

Wireless networks are exploding in popularity, but are difficult to
secure. Locating insecure networks & advertising their locations has become a sport
known as "wardriving". We examine the Pen Register Act, the Wiretap Act, the
Electronic Communications Privacy Act, the Computer Fraud & Abuse Act to evaluate
criminal and civil liability which may apply to wardriving.

Copyright owners have sued p2p network services, providers of software,
ISPs, phone companies, and even venture capitalists who fund p2p companies. While
those initial suits were successful, content industries have recently suffered
reversals, most notably in their litigation against Streamcast & Grokster. Unable
to shut down p2p networks altogether, the music industry has begun to sue
individuals who upload music files.

These lawsuits present numerous legal, moral and policy issues. What First
Amendment and privacy rights are affected by the RIAA's subpoenas to ISPs' file
sharers' identities? How to balance the fact that p2p software has legal uses as
well as illegal ones, with the RIAA's claims that it is more efficient, and better
business, to sue the p2p software companies rather than users? Or should the RIAA
simply find a new business model? This panel will involve a vigorous and
wide-ranging debate among advocates of each of these positions, with a focus on the
privacy and liberty implications of the recent spate of lawsuits.

Recently, governments have tried a controversial new approach to
regulating Internet content: requiring ISPs to block access to content, such as
pornography and gambling, before it is delivered to Internet users. Targeting
neither the source nor host of the content, this content control instead places the
burden of blocking content on the delivering ISP. Yet this approach often leads to
the blocking of wholly unrelated content. We'll look at the court decision on the
Pennsylvania web blocking law, and other government efforts to control content at
the ISP bottleneck.

Data retention of ISP-generated traffic data is a major issue,
for privacy protection and also for the enforcement of the right of defense in
court. We'll analyse first the difference and similarity between EU and US and,
from a technical point of view, at which conditions the ISP retained data might be
held reliable in Court.

Suing customers appears to be in vogue. But long before the RIAA got in
on the action, DirecTV blazed the trail. Today, state "super DMCA" initiatives
across the US aim to make "mere possession" of general purpose technologies
unlawful, encouraging others to go where only DirecTV has dared to go before. What
are the implications for civil liberties and general purpose technologies when
lawyers can come after you for "mere possession"?

The FCC has long had a role in regulating (or not regulating) the
Internet. Recently it has been reviewing that role. This panel will provide an
overview of the FCC's current plans and examine the implications for the future of
the Internet, focusing not only on concrete regulatory issues but also policy
issues about competition, openness, network neutrality, the "end-to-end"
principle and the concept of common carriage. Can FCC regulation or regulatory
forbearance foster openness, competition, and neutrality?

While the entertainment industry litigated and lobbied,
many observers concluded that p2p is an exciting technology with one significant
downside: how to pay authors & artists for their work. The file sharing wars
inspired widely divergent proposals for fostering online distribution and paying
authors and artists. We'll consider leading alternatives, including digital rights
management, compulsory licenses and levies, voluntary collective licensing, and
voluntary user payments. We'll focus on nuts & bolts, rather than debating the
file-sharing wars. We'll ask which proposals could work. What are their practical
advantages & drawbacks? How do they measure consumer demand? How do they affect
privacy?

The Council of Europe Cybercrime Treaty is an international
agreement created for the stated purpose of helping police cooperate on crimes that
take place on the Internet. Its supporters, including the US DOJ, argue that it is
a surgical instrument necessary to allow for international law enforcement
cooperation in prosecuting crime on the Net. Opponents say it is a meat axe,
requiring signatory nations to cooperate with foreign dictatorships and giving
invasive new surveillance powers to law enforcement. While the treaty has broad
implications for the wired world, it has received very little attention since 9/11.
President Bush recently sent the Treaty to the Senate for ratification, which will
rekindle the controversy in the US.

EFF established the Pioneer Awards to recognize leaders on the
electronic frontier who are extending freedom and innovation in the realm of
information technology. This year's ceremony will be held at Chabot Space and
Science Center. The event will begin at 6:30pm with a Planetarium show, which will
be followed by a catered reception, and the Pioneer Award ceremony itself.

This video screening brings back the futuristic promises of the
past -- alluring, utopian ideas like domestic robots, ubiquitous networking,
telepresence, and intelligent appliances -- and shows how major American
corporations appropriated them as their own. Their promise: a bright, affluent
future enabled by cybernetics and technology, and they're still singing the same
song. We'll counterpose films like CENTURY 21 CALLING, A NATION AT YOUR
FINGERTIPS, and MAGIC IN THE AIR with recent futuristic TV commercials from AT&T
and IBM. What (if anything) has changed? Why has utopian fantasy become campy
anachronism rather than call to action? And would we really want to live in this
utopian world, anyway?

This BOF will provide an update and overview of (1) current
proposals for government and commercial uses of travel data and the conversion of
the travel reservation infrastructure into a system for surveillance of travelers,
including CAPPS-II, US- VISIT, APIS, biometric and RFID passports and travel
documents, the jetBlue Airways and Northwest Airlines "sharing" of reservation
archives, and current and potential policies and practices for commercial uses of
travel reservation archives; (2) the status of related regulatory and legislative
activity and litigation in the USA, EU, Canada, and international standard-setting
bodies such as IATA and ICAO; (3) Gilmore v. Ashcroft, Hiibel v. Nevada, and
anonymous travel; and (4) strategizing for responses and initiatives to protect
and defend the privacy of travelers and the right to travel.

This BOF will present the discussions on digital copyright in
Europe, Japan and China. It will explore how these discussions differ from those
taking place in the United States, and how they are influenced by the United
States. It is widely recognized that the United States has been leading the digital
copyright policy discussions on the international level (such as TRIPS and WIPO)
and influencing other countries' policies. However, the United States is not the
only country in which policy makers, lawyers and technologists debate about digital
copyright issues. The BOF will cover: how Europe is trying to solve the problem of
balancing anti-circumvention regulations and user freedoms; how its strategies
differ from the fair use approach taken in the U.S., and what pros and cons these
two strategies have in the digital environment; how the Japanese copyright law
currently respects and preserves user freedom; how the Koizumi Administration is
trying to expand the scope of copyright regulations inspired by the U.S. pro-IP
policy in the 1980's; how China has changed its copyright law in the past two
decades under U.S. diplomatic and political infuence; and, finally, the vigorous
opposing voices against a stronger copyright policy as well as unexpected copyright
and other legal issues arising from the digital freedom movement in China.

Moderator: Yugo Noguchi,
Stanford University Law School
Presenters:
Qiong Wu, University of California,
Berkeley, School of Law (Boalt Hall); Daniel
Benoliel, University of California, Berkeley, School of Law (Boalt Hall)

Lawyers and legal activists are invited to brainstorm solutions
to the legal hurdles facing any challenge to the USA PATRIOT Act's surveillance
provisions. In particular, we'll talk about how to find plaintiffs with standing to
challenge surveillance laws that operate in secret, and what legal theories may
succeed in the face of a decades-long weakening of Fourth Amendment protections.

After 10-15 minutes of introductory comments from Kevin Bankston
outlining the various legal hurdles facing lawyers hoping to challenge the PATRIOT
Act's surveillance provisions, attendees will participate in an interactive
discussion of innovative approaches and potential solutions to these problems.

Technologists, developers, policymakers and advocates are invited to a
discussion with the HP Chief Privacy Officer and a HP Trusted Systems Lab scientist
to explore the needs of developers to design and build privacy-compliant and
privacy enabling products and systems. We will focus on ideas that contribute to
the practical application of design: tools, training, impact assessments and review
guides.

The HP Privacy program has been recognized by many as having an
industry-leading privacy policy and practices. We work hard on "walking the talk."
The HP Chief Privacy Officer is leading an internal intitative to take operational
privacy excellence to our commercial products and services. We're interested in
having an "outside looking in" perspective on both classic and novel approaches to
"designing in privacy". We are interested in techniques and practices that can be
leveraged across the industry.

What are the best practices in other industries?
The worst?

What do developers need be successful in designing in privacy?

What are the most useful approaches or tools for developers
translating a set of
policy requirements to code?

How can different aspects of privacy controls be built in to
allow for flexibility - for health information, financial information, behavior
information, sensitive information, anonymized information?

What pitfalls should be avoided?

Join us for an intriguing and thought-provoking discussion on "design for
privacy."

"Hacktivista" is the story of three University of Toronto students who
travel with their professor to Guatemala and Chiapas to work with human rights
organizations and activists on Internet security and connectivity. The students
call themselves "hacktivists" -- a new breed of social activists who use technology
to fight for privacy and freedom of speech. See http://www.citizenlab.org/hacktivista/
for more info.

Presenter: Robert Guerra, consultant to & translator for the
documentary, will introduce the documentary & answer questions after the
screening.

This session will include a demonstration of a new free/open platform
for online deliberation: an asynchronous, web-based tool for group discussion,
collaboration, and decision making, which is a project of PIECE (Partnership for
Internet Equity and Community Engagement, http://piece.stanford.edu). The platform is
aimed at helping grassroots organizations to be more participatory, with a richer
environment for online asynchronous meetings than is available in message boards,
email lists, and other groupware of which we are aware. We will demonstrate the
capabilities of POD and discuss the relationship between its design and the
problems of grassroots democracy. The fact that coming to decisions generally
requires real-time, face-to-face meetings serves as an excuse for inner-circle
decision making, which we hope to undermine through this project. The free/open
aspect will also allow groups to control their own online spaces, serving as an
antidote to the liberty-threatening policies of commercial providers.

Several vendors of electronic voting machines as well as the Open Voting
Consortium will be on hand to demonstrate their systems and answer questions. This
is an opportunity to try out several examples of electronic voting machines,
including machines that provide voter verified paper ballots.

From ISP offered services and workplace accounts to webmail, from paid
to free, from client to server side spam filtering and virus blocking, etc.
consumers have a wide range of email options. Google's forthcoming email system,
Gmail, has reignited a conversation about the privacy of email. How should
consumers make the best choice for themselves? What are the risks of using an
employer's e-mail service for personal mail? What are the risks of using a webmail
service rather than one offered by an ISP? At what price free? How far is the
government's reach into your mailbox? What about private litigants? In what ways
could the laws be amended to better protect privacy expectations in email? Is there
a privacy difference between text based spam and virus filtering, and ad placement
based on the same technology? What happens when you store messages with an email
provider? Does it matter whether they are an ISP or not? This session will address
the wide range of privacy issues raised by continually evolving email technologies.
Panelists will reflect on what users expect, what the law protects, and what the
market offers.

The US government's use of corporate databases containing personal
information on individuals in its effort to identify terrorists has garnered
criticism from elected officials, private citizens, and other nations. At the same
time, elected officials, think tanks, and those involved in intelligence and law
enforcement argue that identifying terrorists requires enhanced access and use of
information. We'll consider the current legal framework controlling government
access and use of private sector databases, the privacy and security concerns posed
by government use of such databases for terrorism purposes, and the possible
benefits of government use of such databases.

Identity theft often reaches beyond the borders of a single
state or country. Recently, for instance, credit card information of US citizens
was used to manufacture false cards in Romania, and then the cards were used in the
EU. To efficiently combat cybercrime and ID theft, countries must cooperate to
create a system of protection & enforcement that goes beyond each country's
borders. This session will provide actual examples of national and global identity
theft schemes; analyze existing and pending cyber security laws, protections, and
initiatives in different countries that address directly or indirectly identity
theft; review existing global cybercrime treaties and initiatives, and suggest
potential coordinated actions nationally and globally.

During the course of the conference (or before, if you're less
fortunate) you may have been served with a cease-and-desist demand letter making
outrageous allegations that your online activities violate the law. The Chilling
Effects Clearinghouse (chillingeffects.org) has been collecting and cataloguing
these letters for the past two years and, where appropriate, fighting online chill.
Panelists from the project will give a weather map from data we've gathered,
assessing the climate for online activity: What activities risk being frozen out?
What can we do to warm the air?

The 18-24 year-old age group exhibits a vigorous attachment to online
community, from p2p networks to IM and text messaging. Will these attachments spill
over into the physical, and the political world? Will these attachments stick with
youth as their own demographics change? This panel will explore the ways that the
Internet has been used to engage youth in politics and in Election 2004.

A lawyer and an ethicist will lead a discussion regarding the unique
ethical and legal issues of privacy, anonymity, consent, and data ownership that
attend on-line research, and regarding the formulation of guidelines for conducting
such research.

Panelists: Dan Burk, Oppenheimer
Wolff & Donnelly Professor of Law, University of Minnesota; Charles Ess, Professor
of Philosophy and Religion and Distinguished Research Professor of
Interdisciplinary Studies, Drury University

Identity is a unifying concept bringing together security and privacy
aspects under one roof. The European Union has developed a strong legal and
regulatory framework in order to properly manage the balance between these two
aspects while respecting the fundament rights of the citizen. This balance,
strongly influenced by cultural environments in each country, has been challenged
recently by emerging information and communications technologies and post 9/11
policy initiatives. In this panel, technical experts will provide an overview of
the future of identity in Europe and its impact on security & privacy.
Presentations will be followed by a discussion between European privacy proponents
& representatives from law enforcement agencies about the future challenges related
to identity.

Moderator: Emilio De Capitani,
Civil Servant, European Parliament, Secretary of Committee on Citizen's Rights,
Justice and Home Affairs, "Identity and Balance Between Security and Privacy in
Europe"
Panelists:
Laurent Beslay, Scientific
Officer, Institute for Prospective Technological Studies (IPTS), European
Commission, "Identity: Privacy and Security for the Citizen in the Information
Society"; ;
Paul de Hert, Associated Professor (UHD), University of Leiden
University (the Netherlands), and Professor of Law, University of Brussels
(Belgium), "Privacy and Data Protection Concepts in Europe";
Marie-Hélène
Boulanger, Justice and Internal Affairs, European Commission, "Integration of
Data Protection Concerns in Justice and Home Affairs Large Scale IT
Systems."

Two candidates will stump us all in an election for "CFPer of the Year" at a
mock election designed to raise some of the issues brought up by electronic voting
systems with and without an auditing capability. Run by Verified Voting Founder
David Dill, this election will employ real election officials impersonating mock
election officials representing California and Florida and will serve as an
excellent introduction to the Electronic Voting panel that follows. Join us for a
fun way to explore this important topic and support the candidate you like best.
Who knows what might happen to your vote!

If your next vote is cast on a touch screen voting machine, how
will you know that it was counted correctly? Many computer scientists and public
interest groups argue that voter verified paper ballots are a necessary check for
the integrity of our elections. Opponents of voter verified paper ballots counter
that they unnecessarily complicate the voting process, add needless expenses, and
make providing access for the disabled more difficult, without really improving the
integrity of elections.

A walking tour is scheduled for Saturday, April 24th. It meets at 2pm by
the statue in the middle of Union Square in San Francisco (take the BART to Powell
Street, then walk three blocks north on Powell). (For more information, come to
the SF-SCP BOF Wednesday night.)